ehe*_*hed 5 firebase firebase-security firebase-authentication google-cloud-firestore
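I am using the Web/JS SDK and Firebase Authentication to authenticate users (with a phone number), and then trying to create a Firestore document with appropriate security rules (also using the Web SDK). However, despite being authenticated, every security rule fails because the request auth is null for some reason. In the example below, I am trying to create a document whose ID equals the uid (generated by Firebase) of the authenticated user. The uid in this example is pbc5l8cca7ELtwM0Kxctn9xLeT2i (it is visible in the debug logging).
My rules: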
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow only authenticated content owners access
    match /preferences/{userId} {
      allow read, update: if debug(request.auth) != null && debug(request.auth.uid) == userId;
      allow create: if debug(request) && debug(request.auth) != null;
    }
  }
}
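The debug call on the allow create line prints out the request, and strangely there is a bearer token in the headers (it is missing if I try the same thing without being authenticated), but the request's auth property is null.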
Apr 16, 2021 6:20:42 PM io.gapi.emulators.netty.HttpVersionRoutingHandler channelRead
INFO: Detected non-HTTP/2 connection.
Apr 16, 2021 6:20:42 PM com.google.net.webchannel.server.common.CorsFilter populateCustomHeaders
WARNING: Invalid $httpHeaders: X-Goog-Api-Client:gl-js/ fire/8.4.1
X-Firebase-GMPID:1:855732088727:web:38fc76872a93ee3e979ed2
Content-Type:text/plain
Authorization:Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJwaG9uZV9udW1iZXIiOiIrMTEyMjMzMzU1NTUiLCJhdXRoX3RpbWUiOjE2MTg2MTE2MjYsInVzZXJfaWQiOiJwYmM1bDhjY2E3RUx0d00wS3hjdG45eExlVDJpIiwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJwaG9uZSI6WyIrMTEyMjMzMzU1NTUiXX0sInNpZ25faW5fcHJvdmlkZXIiOiJwaG9uZSJ9LCJpYXQiOjE2MTg2MTE2MjYsImV4cCI6MTYxODYxNTIyNiwiYXVkIjoiZWFybmhhdXMtc3RhZ2luZyIsImlzcyI6Im0dHBzOi8vc2VjdXJldG9rZW4uZ29vZ2xlLmNvbS9lYXJuaGF1cy1zdGFnaW5nIiwic3ViIjoicGJjNWw4Y2NhN0VMdHdNMEt4Y3RuOXhMZVQyaSJ9.
Apr 16, 2021 6:20:42 PM io.gapi.emulators.netty.HttpVersionRoutingHandler channelRead
INFO: Detected non-HTTP/2 connection.
Apr 16, 2021 6:20:42 PM io.gapi.emulators.netty.HttpVersionRoutingHandler channelRead
INFO: Detected non-HTTP/2 connection.
map_value {
  fields {
    key: "auth"
    value {
      null_value: NULL_VALUE
    }
  }
  fields {
    key: "headers"
    value {
      map_value {
      }
    }
  }
  fields {
    key: "inTransaction"
    value {
      bool_value: true
    }
  }
  fields {
    key: "method"
    value {
      string_value: "create"
    }
  }
  fields {
    key: "path"
    value {
      path_value {
        segments {
          simple: "databases"
        }
        segments {
          simple: "(default)"
        }
        segments {
          simple: "documents"
        }
        segments {
          simple: "preferences"
        }
        segments {
          simple: "pbc5l8cca7ELtwM0Kxctn9xLeT2i"
        }
      }
    }
  }
  fields {
    key: "readFields"
    value {
      null_value: NULL_VALUE
    }
  }
  fields {
    key: "resource"
    value {
      map_value {
        fields {
          key: "__name__"
          value {
            path_value {
              segments {
                simple: "databases"
              }
              segments {
                simple: "(default)"
              }
              segments {
                simple: "documents"
              }
              segments {
                simple: "preferences"
              }
              segments {
                simple: "pbc5l8cca7ELtwM0Kxctn9xLeT2i"
              }
            }
          }
        }
        fields {
          key: "data"
          value {
            map_value {
              fields {
                key: "paymentMethod"
                value {
                  string_value: "venmo"
                }
              }
              fields {
                key: "paymentRecipient"
                value {
                  string_value: "+11223335555"
                }
              }
            }
          }
        }
        fields {
          key: "id"
          value {
            string_value: "pbc5l8cca7ELtwM0Kxctn9xLeT2i"
          }
        }
      }
    }
  }
  fields {
    key: "time"
    value {
      timestamp_value {
        seconds: 1618611642
        nanos: 877000000
      }
    }
  }
  fields {
    key: "transforms"
    value {
      null_value: NULL_VALUE
    }
  }
  fields {
    key: "writeFields"
    value {
      null_value: NULL_VALUE
    }
  }
}
null_value: NULL_VALUE
Apr 16, 2021 6:20:42 PM com.google.cloud.datastore.emulator.impl.util.WrappedStreamObserver onError
INFO: operation failed:
false for 'create' @ L7
The fact that it is null makes it impossible to enforce any security rules. What am I doing wrong?